Re: [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation

2 msg	sendmail-bin: uninstallable due to unavailable ...
1 msg	Sono in ferie!
1 msg	A femdom bondage movie from Sally
4 msg	Fix for one of the two vulnerabilities
16 msg	Why is portmap installed by default?
1 msg	While
1 msg	didnt win
1 msg	tremendous breadth
1 msg	Bug BaitAlien
1 msg	what is this 'postponed publickey for user' in ...
1 msg	KEEP YOUR WINNING INFORMATION CONFIDENTIAL TILL...
1 msg	chrootkit sniffers

Re: [SECURITY] [DSA 1150-1] New shadow packages...
\ Steffen Hoffmann (14 Aug 2006)
. \ dann frazier (14 Aug 2006)
. \ Martin Pitt (16 Aug 2006)

9 msg	chkrootkit sniffers
3 msg	Re: [SECURITY] [DSA 1134-1] New Mozilla Thunder...
1 msg	Updated: Russian and Ukrainian translation/loca...
1 msg	Re: [SECURITY] [DSA 1148-1] New gallery package...
1 msg	RE: [SECURITY] [DSA 1147-1] New drupal packages...
2 msg	Re: [SECURITY] [DSA 1145-1] New freeradius pack...
1 msg	Lukáš Rampa is out of the office.

Subject:	Re: [SECURITY] [DSA 1150-1] New shadow packages fix privilege escalation
Group:	Debian-security
From:	Martin Pitt
Date:	16 Aug 2006

Hi,

Martin Schulze [2006-08-12 18:50 +0200]:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1150-1 security
> http://www.debian.org/security/ Martin Schulze
> August 12th, 2006 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : shadow
> Vulnerability : programming error
> Problem type : local
> Debian-specific: no
> CVE ID : CVE-2006-2194

This is a wrong CVE, CVE-2006-2194 is a vulnerability in ppp.

Maybe you mean CVE-2006-3378?

Thanks,

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?